Security Permissions & Access Controls in Aras

Robust "Need To Know" Level Security in Aras

MarcL: Defining and managing security permission access controls in PLM is very important.   Please describe how Aras provides the ability to specify access privileges to specific data (metadata, managed data objects and files) as well as processes for individuals and groups including those outside the firewall like suppliers and customers.

Peter Schroer:

Aras Innovator security, authentication and data access rights model was directly defined by our defense industry customers including the US Army, US Air Force, Lockheed Martin, L-3 Communications, Rolls-Royce Naval Marine and others.

Every business object (item) in Aras is linked to a “need-to-know” access control list which specifies the access rights of each User with that data element.

Aras Innovator out-of-the-box configuration implements data access security to the Item level.  Attribute level security is implemented using view masks, rather than permission controls by attribute.

This design improves performance and simplifies the day-to-day management of data security.  For the end users, the net effect is the same, they will only see the data items, and the attributes of those items that they have permission to work with.  

Out-of-the-box access rights management in Aras covers control of Read, Discover, Update, Create, Delete, and Modify-Rights, for any Data Item by any Identity, where Identity is a hierarchical construct with inheritance of access rights permissions.

All data items in Aras are linked to a hierarchical organization structure that simplifies the task of segregating data that can be managed by one product team versus another team or by customer or by owner.

Tags: access controls, document management, framework, permissions, Security